Virus Disabled System Restore & Windows Security



Hello All,
Some months back I was infected by some virus but running Malwarebytes
and other anti virus programs cleaned it up......or so I thought. I
just realized that it disabled System Restore and Windows Security
Service Center. When I try to turn on Security Center I get an error
message saying it can't be started and when I go to system restore I
get a "System Restore has been turned off by system admin". I can't
use System Restore at all now. I run Windows 7 Home Premium 64 bit and
System Restore is a tool that I need. Does anyone have any ideas how I
can get these features working again.
Thank you.

Re: Virus Disabled System Restore & Windows Security



On Tue, 25 May 2010 13:10:03 -0400, Doug R


Make a regular backup (image) of your Windows with:
- Macrium Reflect Free
http://www.macrium.com/reflectfree.asp
(I make a weekly backup and keep the last 3 "generations")

I disabled "system restore" as Macrium Reflect is much better.
 ;-)


--
Fred W. (NL)

Re: Virus Disabled System Restore & Windows Security



Doug R wrote:

MBAM isn't known to be antiviral, won't even detect; IroK, Toady, Krilie,
Weed, Rustybug, all written and distributed by someone claiming to be a
'malware researcher' for the company. At least until the super secret
circumstances of his separation transpired.

Re: Virus Disabled System Restore & Windows Security




It claims detection for *some* viruses and worms though.



Re: Virus Disabled System Restore & Windows Security






| It claims detection for *some* viruses and worms though.


Yes but will not "clean" a virus infected file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security




Does it detect virally infected files? What I mean is, I'm sure it can
detect blended threats by their *other* vector's wormlike artifacts
(dropped copies of themselves for instance) but can it detect a single
file infected by Virut for instance (which is listed as a detectable
malware)?



Re: Virus Disabled System Restore & Windows Security





| Does it detect virally infected files? What I mean is, I'm sure it can
| detect blended threats by their *other* vector's wormlike artifacts
| (dropped copies of themselves for instance) but can it detect a single
| file infected by Virut for instance (which is listed as a detectable
| malware)?

It may detect a file that is infected with Parite or Virut but can not
remove the Parite or Virut virus from the file that had been infected.

IFF detected, file would be deleted thus MBAM does not really target
such infectors and leaves them to traditional anti virus applications
that will.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security





Thanks for the information.



Re: Virus Disabled System Restore & Windows Security










| Thanks for the information.


YW

Think of MBAM as a supplement not as a replacement for traditional anti virus
applications.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security




Yes.. it can..in some cases. Virut is very polymorphic tho.


--
Are you a former BBSer? Want to go back in time to the old days of
ANSI and Renegade? Fire up telnet and go here then: ttb.slyip.com


Re: Virus Disabled System Restore & Windows Security





Most infections these days aren't viral; but trojans... Malwarebytes deals
with that stuff just fine. It's never claimed to be antivirus; but
antimalware.

All of the claims, the viruses and the researcher for the company are true.
The reasons I am no longer with them will remain between myself and them. I
don't believe that has any relevancy here; except to say, since I did go my
own way, it stands to reason, that I did work for them.. Doh! (homer
simpson style).



--
Are you a former BBSer? Want to go back in time to the old days of
ANSI and Renegade? Fire up telnet and go here then: ttb.slyip.com


Re: Virus Disabled System Restore & Windows Security



On 25/05/2010 13:10, Doug R wrote:

Google is your friend. I found:

"can't turn on system restore in windows 7"

http://windows.microsoft.com/en-CA/windows7/Turn-System-Restore-on-or-off

"can't turn on security centre in windows 7" yielded this among others:

http://forums.cnet.com/5208-19411_102-0.html?threadID=352274

Hope these help, you can always do another search yourself.

wolf k.

Re: Virus Disabled System Restore & Windows Security



Thanks WolfK but I've tried all those options. Every place where it's
conceivable to turn on System Restore is grayed out and I get the
message "System Restore has been turned off by your administrator". Is
there anything I can do to turn it back on?




Re: Virus Disabled System Restore & Windows Security



On 25/05/2010 19:42, Doug R wrote:

Only by editing the registry, and I don't have enough expertise to tell
you how. I hope someone else does/has given advice.

wolf k.
(been away for a few days gallivanting on Toronto.)

Re: Virus Disabled System Restore & Windows Security




| Hello All,
| Some months back I was infected by some virus but running Malwarebytes
| and other anti virus programs cleaned it up......or so I thought. I
| just realized that it disabled System Restore and Windows Security
| Service Center. When I try to turn on Security Center I get an error
| message saying it can't be started and when I go to system restore I
| get a "System Restore has been turned off by system admin". I can't
| use System Restore at all now. I run Windows 7 Home Premium 64 bit and
| System Restore is a tool that I need. Does anyone have any ideas how I
| can get these features working again.
| Thank you.

Malware wants to stay on the PC as long as it can.  It will perform
measures of "self preservation" such that it makes it harder to remove.

The NT Based OS has "policies" that can be used in an environment to set
restrictions on the users as needed by the administrator.  The Policies
can be set on an Active Directory Domain and are called Group Policies.
The Policies that are set on the PC are known as Local Policies.  The
malicious authors have learned to incorporate these administrative local
policies into their malware as measures of self preservation.  Usually
MBAM will remove these Policies.  The message "System Restore has been
turned off by system admin" is indicative of such a local policy.

There are two possibilities, you are still infected or MBAM missed
resetting the associated policies.

You said you used MBAM "Some months back".  Have you updated it to v1.46
and run a scan since you found these problems?

Note:  There is no need to Multi-Post; those that read alt.comp.virus
also read alt.comp.anti-virus.  The objective is to Cross-Post to both
groups.  That is, put BOTH alt.comp.virus & alt.comp.anti-virus on the
line (and any other related groups) for what news groups you want to
post to.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
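
The kind of local-policy setting described in the post above can be checked without changing anything. This is an added example, not part of the original thread; it assumes the standard Windows locations for the System Restore policy values (`DisableSR`, `DisableConfig`) and for the Security Center service start type, since the thread does not name the registry line involved.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Assumption: the standard Windows policy and service locations below;
# the thread itself does not say which registry value was set.
$sr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$checks = @(
    @{ Path = $sr; Name = 'DisableSR';     Bad = 1
       What = 'System Restore turned off by policy' },
    @{ Path = $sr; Name = 'DisableConfig'; Bad = 1
       What = 'System Restore settings page locked by policy' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc'
       Name = 'Start';                     Bad = 4
       What = 'Security Center service (wscsvc) set to Disabled' }
)

$report = foreach ($c in $checks) {
    $name = $c.Name
    # A missing key or value is the normal state on a home PC with no
    # policies applied, so errors are suppressed and treated as "not set".
    $item = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $state   = 'not set'
        $flagged = $false
    } else {
        $value   = $item.$name
        $state   = "$name = $value"
        $flagged = ($value -eq $c.Bad)
    }
    New-Object PSObject -Property @{
        Flagged  = $flagged
        Meaning  = $c.What
        State    = $state
        Location = $c.Path
    }
}

# Fixed column order; rows with Flagged = True match the symptoms
# reported in this thread (greyed-out System Restore, Security Center
# service that will not start).
$report | Select-Object Flagged, Meaning, State, Location | Format-List
```

A flagged row shows only that the setting is present; as later replies in the thread point out, resetting it is of little use while the malware that wrote it is still active.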



Re: Virus Disabled System Restore & Windows Security



David H. Lipman wrote:

Harder but not impossible!

If you track the install with REVO uninstaller Pro
you can remove it more easily when you're done.
http://www.revouninstaller.com/

Re: Virus Disabled System Restore & Windows Security




No configuration hints (including registry hacks) are going to help you
until the malware is removed or disabled. If MBAM indeed 'cleaned it up'
I suspect it may have a misidentification issue. Have you tried
SUPERAntiSpyware?



Re: Virus Disabled System Restore & Windows Security



What I found was that the virus had added a line to the registry
turning Restore off. I deleted that one line and all is good again.
Thanks for replying!








On Wed, 26 May 2010 16:57:09 -0400, "FromTheRafters"



Re: Virus Disabled System Restore & Windows Security




| What I found was that the virus had added a line to the registry
| turning Restore off. I deleted that one line and all is good again.
| Thanks for replying!

If you read my post, that was a "local policy".


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security



Funny that MBAM didn't do that for you. Sometimes code in a new version
of a malware can be close enough to code in a previous version that a
detector misidentifies version 'b' as version 'a' and the resulting
cleaning becomes incomplete. I don't suppose you have the original
malware quarantined somewhere?


[...]


